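#!/bin/sh
##############################################################################
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# Copyright (C) 2016 Eric Luehrsen
#
##############################################################################
#
# TODO: This file will build the UCI for Unbound. This iteration only puts
# our default unbound configuration and root.key into /var/lib/unbound.
#
##############################################################################

# TODO: Just default definitions versus real UCI coming soon.
# UNBOUND_B_MAN_CONF > 0 means "use the manual /etc/unbound/unbound.conf".
UNBOUND_B_MAN_CONF=1
# The next two are not referenced by any function in this file; presumably
# they are consumed by the sourced rootzone.sh or a later UCI iteration.
UNBOUND_B_DNSSEC=1
UNBOUND_N_ROOT_AGE=7

##############################################################################

UNBOUND_ANCHOR=/usr/bin/unbound-anchor
UNBOUND_CONTROL=/usr/bin/unbound-control
UNBOUND_LIBDIR=/usr/lib/unbound
UNBOUND_PIDFILE=/var/run/unbound.pid
UNBOUND_VARDIR=/var/lib/unbound
UNBOUND_CONFFILE=$UNBOUND_VARDIR/unbound.conf
UNBOUND_KEYFILE=$UNBOUND_VARDIR/root.key
UNBOUND_HINTFILE=$UNBOUND_VARDIR/root.hints
UNBOUND_CHECKFILE=$UNBOUND_VARDIR/unbound.check

##############################################################################

# Sourced files execute with this script's privileges, so these paths must
# only be writable by root.
. /lib/functions.sh
. /lib/functions/network.sh
. "$UNBOUND_LIBDIR/rootzone.sh"

##############################################################################

# unbound_mkdir: create the runtime directory and seed root.hints and the
# DNSSEC trust anchor (root.key) into it.
# Globals: UNBOUND_VARDIR, UNBOUND_HINTFILE, UNBOUND_KEYFILE, UNBOUND_ANCHOR
# Source precedence for both files: /etc/unbound, then /usr/share/dns.
# For root.key only, unbound-anchor is run when neither copy exists.
# Whoever can write the chosen source file controls what the validator
# trusts, so /etc/unbound and /usr/share/dns should be root-writable only.
unbound_mkdir() {
  mkdir -p "$UNBOUND_VARDIR"

  if [ -f /etc/unbound/root.hints ] ; then
    # Your own local copy of root.hints
    cp -p /etc/unbound/root.hints "$UNBOUND_HINTFILE"

  elif [ -f /usr/share/dns/root.hints ] ; then
    # Debian-like package dns-root-data
    cp -p /usr/share/dns/root.hints "$UNBOUND_HINTFILE"

  else
    logger -t unbound -s "iterator will use built-in root hints"
  fi

  if [ -f /etc/unbound/root.key ] ; then
    # Your own local copy of a root.key
    cp -p /etc/unbound/root.key "$UNBOUND_KEYFILE"

  elif [ -f /usr/share/dns/root.key ] ; then
    # Debian-like package dns-root-data
    cp -p /usr/share/dns/root.key "$UNBOUND_KEYFILE"

  elif [ -x "$UNBOUND_ANCHOR" ] ; then
    # The exit status is not checked here, and nothing is logged if the
    # anchor file was not produced.
    "$UNBOUND_ANCHOR" -a "$UNBOUND_KEYFILE"

  else
    logger -t unbound -s "validator will use built-in trust anchor"
  fi
}

##############################################################################

# unbound_conf: install the manual configuration into the runtime directory
# when UNBOUND_B_MAN_CONF is greater than 0 and /etc/unbound/unbound.conf
# exists. Otherwise nothing is written; unbound_own creates an empty file.
unbound_conf() {
  # TODO: Just structure to real UCI coming soon.
  # Two separate tests instead of the obsolescent and ambiguous "-a".
  if [ "$UNBOUND_B_MAN_CONF" -gt 0 ] && [ -f /etc/unbound/unbound.conf ] ; then
    # You don't want UCI and use your own manual configuration
    cp -p /etc/unbound/unbound.conf "$UNBOUND_CONFFILE"
  fi
}

##############################################################################

# unbound_own: write the debug check file, make sure a configuration file
# exists, and hand the runtime directory to the unbound account.
# Globals: UNBOUND_CHECKFILE, UNBOUND_CONFFILE, UNBOUND_VARDIR
unbound_own() {
  # Debug UCI
  # Every shell variable whose name starts with UNBOUND_ is dumped here and
  # the file is made mode 664 below, i.e. readable by all local users.
  # Keep secrets out of UNBOUND_* variables once real UCI values arrive.
  {
    printf '# %s generated by UCI %s\n\n' "$UNBOUND_CHECKFILE" "$(date)"
    set | grep '^UNBOUND_'
  } > "$UNBOUND_CHECKFILE"

  if [ ! -f "$UNBOUND_CONFFILE" ] ; then
    # if somehow this happened
    touch "$UNBOUND_CONFFILE"
  fi

  # Ensure Access
  # NOTE(review): after this the directory and every file in it, including
  # unbound.conf and root.key, are writable by the unbound user and group.
  # The cp and ">" writes above land in that same directory on the next run
  # and follow symlinks; if the caller runs as root (not visible in this
  # file), consider a root-owned directory in which only the files the
  # daemon must update are writable by it.
  chown -R unbound:unbound "$UNBOUND_VARDIR"
  chmod 775 "$UNBOUND_VARDIR"
  chmod 664 "$UNBOUND_VARDIR"/*
}

##############################################################################

# unbound_prepare: entry point; seed the runtime directory, install the
# configuration, then fix ownership and modes, in that order. No step's
# exit status is checked.
unbound_prepare() {
  unbound_mkdir
  unbound_conf
  unbound_own
}

##############################################################################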